Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,900
Quick preset (or use dates below)
Clear Filters
Showing 12,421 - 12,440 of 14,675 CVEs
CVE-2023-38281 MEDIUM - 5.3

IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can...

Vendor: IBM
Product: Cloud Pak System, OS Image for Red Hat Linux Systems
Published: Feb 04, 2026
Source: NVD
CVE-2023-38017 MEDIUM - 5.3

IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Vendor: IBM
Product: Cloud Pak System, OS Image for Red Hat Linux Systems
Published: Feb 04, 2026
Source: NVD
CVE-2023-38010 MEDIUM - 5.3

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system.

Vendor: IBM
Product: Cloud Pak System, OS Image for Red Hat Linux Systems
Published: Feb 04, 2026
Source: NVD
CVE-2023-43632 MEDIUM - 6.5

As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options” The communication with this server is done using ...

Vendor: go
Product: github.com/lf-edge/eve
Published: Feb 04, 2026
Source: GitHub
CVE-2023-43631 MEDIUM - 5.9

On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could e...

Vendor: go
Product: github.com/lf-edge/eve
Published: Feb 04, 2026
Source: GitHub
CVE-2023-43630 MEDIUM - 5.2

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the problem of the config partition not being measured correctly. Also, the “vault” key is seal...

Vendor: go
Product: github.com/lf-edge/eve
Published: Feb 04, 2026
Source: GitHub

n8n is an open source workflow automation platform. Prior to 1.121.0, there is a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This ...

Vendor: npm
Product: n8n
Published: Feb 04, 2026
Source: GitHub
CVE-2025-68699 MEDIUM - 6.5

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions ($share/). A malformed SUBSCRIBE topic such as $share/ab (missing the second /) is not strictly validated during the su...

Vendor: nanomq
Product: nanomq
Published: Feb 04, 2026
Source: NVD
CVE-2026-25475 MEDIUM - 6.5

OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia() function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and directory traversal sequences. An agent can read any file on the system by outputting MEDIA:/path/to/file...

Vendor: npm
Product: openclaw
Published: Feb 04, 2026
Source: GitHub
CVE-2026-25532 MEDIUM - 6.3

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS (Wi-Fi Protected Setup) Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during fra...

Vendor: espressif
Product: esp-idf
Published: Feb 04, 2026
Source: NVD
CVE-2026-25508 MEDIUM - 6.3

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Write handling of the BLE provisioning transport (protocomm_ble). The issue can be triggered by a remote...

Vendor: espressif
Product: esp-idf
Published: Feb 04, 2026
Source: NVD
CVE-2026-25507 MEDIUM - 6.3

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a use-after-free vulnerability was reported in the BLE provisioning transport (protocomm_ble) layer. The issue can be triggered by a remote BLE client while the device is in pr...

Vendor: espressif
Product: esp-idf
Published: Feb 04, 2026
Source: NVD
CVE-2026-23624 MEDIUM - 4.3

GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patched ...

Vendor: glpi-project
Product: glpi
Published: Feb 04, 2026
Source: NVD
CVE-2026-22247 MEDIUM - 4.1

GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5.

Vendor: glpi-project
Product: glpi
Published: Feb 04, 2026
Source: NVD
CVE-2026-22044 MEDIUM - 6.5

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23.

Vendor: glpi-project
Product: glpi
Published: Feb 04, 2026
Source: NVD
CVE-2026-20123 MEDIUM - 4.3

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the param...

Vendor: Cisco
Product: Cisco Evolved Programmable Network Manager (EPNM), Cisco Prime Infrastructure
Published: Feb 04, 2026
Source: NVD
CVE-2026-20111 MEDIUM - 4.8

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management ...

Vendor: Cisco
Product: Cisco Prime Infrastructure
Published: Feb 04, 2026
Source: NVD
CVE-2026-20056 MEDIUM - 4.0

A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass the anti-malware scanner, allowing malicious archive files to be downloaded. This vulnerability is ...

Vendor: Cisco
Product: Cisco Secure Web Appliance
Published: Feb 04, 2026
Source: NVD
CVE-2026-22549 MEDIUM - 4.9

A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vendor: F5
Product: F5 BIG-IP Container Ingress Services
Published: Feb 04, 2026
Source: NVD
CVE-2025-70545 MEDIUM - 6.1

A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC (Belden) ONT 2K05X router running firmware v1.1.9_206L. The Common Gateway Interface (CGI) component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbit...

Published: Feb 04, 2026
Source: NVD